Summary
Overview
Work History
Education
Certification
Technical Skills
Timeline
Generic

Sonal Agarwal

Santa Clara,CA

Summary

Vulnerability Management Lead with 7 years of experience across multiple tools and cross-platform environments. Focused on continuous learning and professional growth, bringing strategic thinking, innovative solutions, and execution skills to drive effective Vulnerability Management programs and enhance enterprise-wide security posture.

Overview

12
12
years of professional experience
1
1
Certification

Work History

Vulnerability Management Lead

Samsung Semiconductor Inc.
San Jose, CA
11.2020 - Current
  • Lead enterprise-wide vulnerability management programs across Samsung's infrastructure, driving across multiple engineering and service teams.
  • Implemented and enforced Samsung's Vulnerability Management policy, achieving 80% remediation reducing average time form 30 days to within policy SLA, leading to standardizing remediation processes and strengthening enterprise-wide security posture.
  • Lead and Executed 20 targeted remediation campaigns, each focusing on different identification methods, asset types, and risk targets, addressing hundreds of thousands of vulnerabilities across thousands of assets and multiple OS platforms, achieving 99% remediation.
  • Expanded program coverage to all infrastructure assets and application, including on-prem, cloud, endpoints, IOC, and supporting devices, improving risk visibility and exposure tracking.
  • Performed targeted compliance vulnerability scans based on CIS, ISO, and PCI DSS benchmarks, achieving 95% remediation of failed checks within regulatory timelines.
  • Onboarded, configured new VM tools, enhancing detection, tracking, automation. perform semi-annual health check to ensure 100% platform efficiency.
  • Identified thousands unmonitored security advisories vulnerabilities across 30 packages, including production systems and remediated 90% within 6 months of joining.
  • Integrated VM workflows with other security platforms and operational teams, improving prioritization, SLA compliance, and overall program efficiency, and cross-team collaboration for faster remediation.
  • Created and deployed custom SQL queries and analytics tools to consolidate vulnerability data from multiple sources, supporting large-scale tracking and data-driven remediation.
  • Developed asset discovery and management processes to maintain comprehensive visibility and ownership.
  • Established a Vulnerability Champions Program, streamlining communication and accountability across teams to accelerate remediation.
  • Created dashboards and KPIs for multiple audiences, enabling actionable insights for technical teams, managers, and executives on vulnerability trends and remediation progress.
  • Lead management of enterprise security posture and ratings on BitSight and SecurityScorecard improve external risk visibility and trust.
  • Mentored engineers in vulnerability management best practices, contributing to internal security training and capability development initiatives.
  • Directed security assessments for vulnerability management in multiple compliance audits, maintaining regulatory adherence.

Information Security Analyst

Apple Inc
Santa Clara
09.2018 - 10.2020
  • Conduct vulnerability scanning using Qualys 7.4, covering servers, applications, routers, firewalls, and diverse network protocols, ensuring comprehensive coverage across on-prem and hybrid environments.
  • Identified, analyzed, and classified vulnerabilities based on severity, exploitability, and business impact; partnered closely with system and application owners to define remediation strategies and mitigation plans, managing up to 250,000 vulnerabilities in a single remediation campaign.
  • Monitored remediation progress through dashboards and reporting, producing weekly and bi-weekly metrics to track SLA adherence, risk reduction, and remediation effectiveness across teams.
  • Validated assessment results and resolved false positives by correlating Qualys findings with logs and telemetry in Splunk, improving scan accuracy and stakeholder confidence in vulnerability data.
  • Established and operationalized asset discovery and management workflows, ensuring accurate asset inventory, clear ownership, and continuous visibility to support proactive and risk-based vulnerability management.
  • Conducted vulnerability and compliance scans aligned with NIST, PCI-DSS, and ISO 27002 requirements, supporting audit readiness and regulatory compliance initiatives.

Information Security Intern

Chelsoft Solutions Co
Olathe, KS
01.2018 - 06.2018
  • Directed research pertaining to the latest vulnerabilities, tools and the latest technological advances in combating unauthorized access to information.
  • Perform infra Vulnerability scans using Nessus tool.
  • Understood approaches for addressing vulnerabilities including system patching, deployment of specialized controls, code or infrastructure changes, changes in development processes, cloud and mobile devices Identified and resolved any false positive findings in assessment results.
  • Worked with computer operations to define standard operating system builds and configurations and develop effective build maintenance processes.

Software Programmer

Wipro Technologies
India
02.2014 - 11.2016
  • Installation and configuration of operating system, software and patches.
  • Managed firewall, network monitoring and server monitoring.
  • Configured user mailboxes to their handheld devices.
  • Performed regular health checks on hardware and software by monitoring the system.
  • Drafted monthly reports of network efficiency to determine if any changes were needed.
  • Experienced in Account creation, Password reset, the addition of user's attributes using Active Directory.
  • Created and managed MS Outlook mailbox for the employees using Microsoft Exchange Server 2010.
  • Monitored incident and service request tickets assigned to IT Security queue using HPSC ticketing tool.
  • Assessing security tickets and determining the appropriate operational and investigative steps required to address the security concerns.

Education

M.S - Cybersecurity & Information Assurance

University of Central Missouri
Warrensburg

Certification

  • Certified Information Systems Security Professional (CISSP)
  • CompTIA PenTest+

Technical Skills

Vulnerability Scanning (Qualys, Nessus, Rapid7, Nmap, Metasploit) | Malware Scanning (Crowdstrike) | SIEM (Splunk, FortiSIEM) | Programming (Python, Java, C) | Networking & DLP (Avecto, Symantec DLP)

Timeline

Vulnerability Management Lead

Samsung Semiconductor Inc.
11.2020 - Current

Information Security Analyst

Apple Inc
09.2018 - 10.2020

Information Security Intern

Chelsoft Solutions Co
01.2018 - 06.2018

Software Programmer

Wipro Technologies
02.2014 - 11.2016

M.S - Cybersecurity & Information Assurance

University of Central Missouri

Similar Profiles

  • Daniel StollDaniel Stoll

    Vulnerability Management Lead at Wells Fargo & CompanyVulnerability Management Lead at Wells Fargo & Company

  • Marshall BullMarshall Bull

    Vulnerability Management Lead at GuardSight Inc. (Iron Bow Technologies)Vulnerability Management Lead at GuardSight Inc. (Iron Bow Technologies)

  • Pratyasha RayPratyasha Ray

    VULNERABILITY MANAGEMENT LEAD at MICHAELSVULNERABILITY MANAGEMENT LEAD at MICHAELS

  • Edgar HuertaEdgar Huerta

    Cyber Defense/Vulnerability Management Team Lead (ACAS) at United States Air ForceCyber Defense/Vulnerability Management Team Lead (ACAS) at United States Air Force

CREATE PROFILE
Sonal Agarwal